Schneier on Security
A blog covering security and security technology.
« Growth of the CSE |
| Security, Group Size, and the Human Brain »
June 30, 2009
I think this is a first.
Information security, and protection of your e-money. Electronic payments and calculations, on means of a network the Internet or by means of bank credit cards, continue to win the world market. Electronic payments, it quickly, conveniently, but is not safely. Now there is a real war, between users and hackers. Your credit card can be forgery. The virus can get into your computer. Most not pleasant, what none, cannot give you guarantees, safety.
But, this disgrace can put an end.
I have developed the program which, does impossible the fact of abduction of a passwords, countersign, and personal data of the users. In the program the technology of an artificial intellect is used. As you cannot, guess about what the person thinks. As and not possible to guess, algorithm of the program. This system to crack it is impossible.
I assure that this system, will be most popular in the near future. I wish to create the company, with branches in the different countries of the world, and I invite all interested persons.
Together we will construct very profitable business.
Posted on June 30, 2009 at 1:36 PM
• 52 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Well, I have to partially agree with him on one point.
".... you cannot, guess about what the person thinks....."
I certaintly can't guess what that person is thinking. Or for that matter, if he's thinking at all.
I feel this sudden, inexplicable urge... to... invest!!!
@Gord: Funny, I have an inexplicable urge to correct grammer :)
".... you cannot, guess about what the person thinks....."
I remember of a sci-fi novel where someone was specialized in guessing passwords. He studied the target person way of life and other everyday life details and came out with the right password.
he did it guessing what the person thinks.
I think that is possible.
@JB: Every year, there's a surplus of punctuation that goes unused by people constructing e-mail messages, participating in online chat, and so on. Good on this spammer for trying to use up some of that wasted punctuation. With more spammers like her or him, we can finally eliminate the mountains of wasted punctuation the government has dispose of ever year.
Oh, and it's "grammar".
I will DL and have a look.
@Kerub: You might be thinking of "Dogwalker", a short story by Orson Scott Card (http://en.wikipedia.org/wiki/Dogwalker)
How are you gentlemen !!
All your base are belong to us.
You are on the way to destruction.
You have no chance to survive make your time.
Ha ha ha ha....
The prose in the message is so bad that it's almost good!?
@Kerub: I remember of a sci-fi novel where someone was specialized in guessing passwords
Yep, I seem to recall the same story. Also used a bit of biometrics. Unfortunately, the guesser entered the correct password on the 1st attempt.
"This system to crack it is impossible" sounds rather poetic.
@Kerub and John,
I think it's Orson Scott Card's "Dogwalker" that you remember, from his collection Maps in a Mirror.
Is that Yoda trying to sell us his latest crypto-ware?
Oh! Well here is my credit card info then...
"All your crypt are belong to us!"
Talk about Tales From The Crypt! Back in the early 80's I was positing the possibility of using keystroke patterns of timing to authenticate users. No password necessary. Just display a random phrase (about 100 characters) for the user to type into the system, and the system can analyze the typing patterns of the user to determine if they are who they say they are. The main problem is what to do when you have broken your wrist and have to type single-handedly... :-)
Milan! What a wonderful idea... spam poetry! A lot of it does read like worded versions of modern art.
Is this actual spam (i.e., mailed in bulk), or is it a crank who singled you out and wants to be your business partner?
Hahahahaha! You tiny FOOL! Your ecommerce fraud fu is clearly inferior to my secret protection of end-users technique! Hahahahaha!
The well intentioned author is mistaken. Engrish is not encryption.
@Daniel Franke - I am assuming that it is someone who sent a message specifically to Bruce Schneier, and perhaps a few other crypto gurus, asking them to become a business partner.
Regardless of whether it was sent in bulk or not, this should be considered spam by its recipient. It's an unsolicited business proposal, just like the "first DEC spam" of 1978.
@Mailman: If that's the case I'm surprised it's a first. I've gotten much crankier stuff than this in my inbox, and obviously I'm a lot less famous than Bruce.
Sounds like one of the guys who tried to buy your laptop....
Yikes! Talk about security through obscurity!
I thought grammar school was mandatory, even in poorer countries.
My associates and I wish to invest $50 million (fifty million US dollars) in your wonderful company.
Please confirm your bank account details by wiring $100 to my bank account in Lagos, Nigeria. When we receive it and are able to confirm your bank details, we will immediately wire you the $50 million.
Did you receive this in your e-mail? Since you are a well-known authority on cryptography, isn't it more likely that this is an elaborate troll played against you, than an actual randomly-targeted spam?
..I am assuming of course, that millions of other people are not receiving the same message. Since spam filters eat 99% of them and us humans seldom read the rest, my assumption could be wrong.
Hey, maybe there is some hidden code in the message somewhere!
Are you sure that this isn't just spam steganography? That's the first thing I though of when I saw the title...and then the message.
Out of curiosity, was this idea "invented" by Shampoo?
actually I forwarded it to Bruce (June 24th), I found it highly amusing, didn't expect him to post it (maybe more people sent him copies, maybe it tickled him, etc.). Either way it rates in the top 100,000 weird spam I've received =).
... is no match for natural stupidity.
another types of overflow that occur in minds that shows the "overconfidence" and "overirrational" as the side effect, or main effect, probably
``As you cannot, guess about what the person thinks. ... This system to crack it is impossible."
I think he is suggesting we all use pass phrases.
Let's leave aside for a moment the fact that this is almost certainly a con. Clearly the person who wrote this message didn't have English as their first language and several commenters here have taken great delight in ridiculing the almost incomprehensible prose. I would just like to pose them a question: how well could YOU write something in another language? Several of you can't even spell or write grammatically correct English! (And no, I don't claim that my English is perfect!).
Any informed guesses as to which language it was translated from? No doubt the broken English phrases correspond to normal idioms in Chinese, or whatever.
It never fails to amaze me that people will go to the trouble of composing and sending out these missives, without bothering to get them translated by a competent English writer. How difficult can it be to find one these days, anywhere in the world?
My guess would be Chinese. I suspect it's either a word-by-word dictionary translation or it's been run through (poor) translation software.
Hmmm. Unexpected this is.
@qwertyuiop: "how well could YOU write something in another language?"
Probably not too well.
*However,* if I wanted to make money from a text in a foreign language, I would spend some effort to get it right.
@Kerub: I guessed you would think that.
Is this coming from Nigeria? I can give that person the contact information for that poor Nigerian fellow that needs help with all his money from the royal palace...
@Tom Welsh I don't think it's a translation at all. Like BCS, I think it's the result of a Markov chain text generator. I've been getting spam that seems to be seeded with the text of the page it's posted to - which probably helps beat things like the Akamai spam service.
As Kurt said he received it, I'd assume that his email was scraped from his website, and then the contents of his site used as the seed text.
The challenge is that junk mailers can go out of member directories and may place your e-mail address is an exemplary BOBE-weak system. It is often difficult or impossible to tell how a spammer acquired a user's e-mail address.
You must detect a disease in a spam center to keep up with several versions of the object that will enter the predictions that individual instances (clients) of all security-systems, whether based on hardware or software, will be able to get it right, and you want to avoid future spam, because one or more messages received are yet another explanation for free riding.
Sometimes, these attacks even take the form of time. The goal is to determine if they are generally cheap and easy to guess, and may receive more spam, because in terms of the spam we received, most were received from the payload.
For example, most people have a huge bearing on the address and will send it to Bruce Schneier, who has essentially free use of channels that he has subscribed or paid for.
As with spam, so with obscenity: You can't define it, but you know it when you have broken your wrist and have to type up the formulas that dance around in a foreign language. I would just like to pose them a question: how well could YOU write something in another language? Probably not too well when you have broken your wrist.
Whoa Bruce, for the first few sentences I though you got drunk and wrote a blog post!
In a way, it's fortunate so many spammers appear to be illiterate. Of course, using poor quality as a heuristic for identifying scams can backfire; a year or so ago, I received a letter claiming to be from my credit card company wanting to check a transaction. The printing was so poor, on flimsy 60 gsm paper, I thought it had to be an attempt at offline phishing - but no. Sadly, it was genuine, as was the equally poor letter from another CC company a year later.
i can haz safety computer-ware?
Sounds more like a quick and dirty use of Google's language tools. Probably made sense in his native tongue.
Oh dear. It seems that KRYPTOCHEF is at it again...
(See http://kryptochef.net/index2e.htm for, err, interesting times. As far as I know, it's not clear whether he is an elaborate hoax or not, but he's gained quite some notoriety in Germany.(
Wow... Kryptochef's website looks like the best that 1997 can buy! Complete with a tiled image background.
"Only Krypto master user can put
on new Krypto users." So its for Crypto Vampires?
As far as the Original post, this sounds a bit Boratish: "I assure that this system, will be most popular in the near future."
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.